phpwcms multiple vulnerabilities

Bugs: Path Disclosure, XSS, Local File Inclusion,
Remote Code Execution
Vulnerable Version: phpwcms 1.2.5-DEV (prior versions
may also be affected)
Exploitation: Remote with browser

phpwcms is a web content management system optimized
for fast and easy setup on any standard web server.
phpwcms is perfect for professional, public and
private users.

-->>Path Disclosure<<--
Reason: direct access to include files generates a
PHP error that reveals the installation path.
Several files are affected in this case.

-->>XSS<<--
Reason: when register_globals is enabled, several
template files are vulnerable to XSS.


Code Snippet:
/include/inc_tmpl/content/ //line#28

-->>Local File Inclusion<<--
Reason: incorrect use of the spaw script (an external
script) and its configuration results in local file
inclusion when register_globals is enabled and
magic_quotes_gpc is off.


Code Snippet:

// With register_globals enabled, $spaw_root can be set from the
// request. The only check is that it contains no "://", so any
// local path passes and is used directly in the includes below.
if (preg_match("/:\/\//i", $spaw_root)) die ("can't include external file");

include $spaw_root.'config/spaw_control.config.php';
include $spaw_root.'class/util.class.php';
include $spaw_root.'class/toolbars.class.php';
include $spaw_root.'class/lang.class.php';
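Added here as an illustration, not code from the advisory or from phpwcms: a hardened counterpart of the include block above. It initialises $spaw_root from an application-controlled constant instead of relying on a global, and replaces the "://" pattern check with a canonical-path check against an allow-listed directory. The directory layout and the helper name is_allowed_include_root are assumptions.

```php
<?php
// Added example, not phpwcms code. Hardened version of the spaw include
// block quoted in the advisory.

// 1. Never let $spaw_root arrive from the request (register_globals).
//    Set it explicitly from a location the application controls.
$spaw_root    = dirname(__FILE__) . '/spaw/';   // assumed location
$allowed_base = dirname(__FILE__) . '/spaw';    // assumed allow-listed dir

// 2. Resolve the candidate to a canonical path and confirm it is the
//    allowed base or a directory beneath it. realpath() collapses
//    '..' segments and symlinks and returns false for missing paths.
function is_allowed_include_root($root, $base)
{
    $real_root = realpath($root);
    $real_base = realpath($base);
    if ($real_root === false || $real_base === false) {
        return false;
    }
    // Compare with trailing separators so "/spawx" does not match "/spaw".
    $real_base = rtrim($real_base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strpos($real_root . DIRECTORY_SEPARATOR, $real_base) === 0;
}

if (!is_allowed_include_root($spaw_root, $allowed_base)) {
    // Log server-side and stop. Do not echo the rejected path or let a
    // PHP error surface it (that is the path disclosure issue above).
    error_log('spaw: refusing include root outside allowed base');
    die('configuration error');
}

// 3. Use the validated, canonical path for every include.
$spaw_root = rtrim(realpath($spaw_root), DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
require $spaw_root . 'config/spaw_control.config.php';
require $spaw_root . 'class/util.class.php';
require $spaw_root . 'class/toolbars.class.php';
require $spaw_root . 'class/lang.class.php';
```

Because the include root is fixed and verified before use, the same change also breaks the chain to the remote code execution described in the next section, which depends on this inclusion.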

-->>Remote Code Execution<<--
Reason: an attacker can upload a picture carrying PHP
code in its EXIF metadata as part of a post, and then
use the local file inclusion above to execute it.


The vendor has been contacted, but we are not aware of
any vendor-supplied patch.
Original Advisories:
In Farsi: 
Discovered & released by trueend5 (trueend5 kapda ir)
Security Science Researchers Institute Of Iran
